Chkrootkit messages ?

Bob Goodwin bobgoodwin at wildblue.net
Mon May 1 12:59:52 UTC 2006


This is a fairly new FC5 installation, new ISP, and new wireless router 
system, all together adding up to numerous possibilities for errors.  I 
installed and ran "chkrootkit" this morning with the following result 
and don't know how to deal with it?  Any suggestions appreciated.

Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... You have     1 process hidden for readdir command
You have     1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
Checking `rexedcs'... not found
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'...  The tty of the following user process(es) were 
not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! root         2301 tty7   X :0 -auth /root/.serverauth.2284
chkutmp: nothing deleted

I scanned from "/" with f-prot yesterday and there were no indications 
of "infection."

Thanks.

Bob Goodwin   Zuni, Virginia   w2bod




More information about the fedora-list mailing list